Re: ISSUE-11: Gathering requirements [FileSystem API]

From: Robin Berjon <robin@robineko.com>
Date: Mon, 5 Oct 2009 18:04:44 +0200
Cc: "'public-device-apis@w3.org'" <public-device-apis@w3.org>
Message-Id: <4D4078B9-367A-4641-B438-581E97914755@robineko.com>
To: "Nilsson, Claes1" <Claes1.Nilsson@sonyericsson.com>

Hi,

On Oct 5, 2009, at 14:34 , Nilsson, Claes1 wrote:
> I am considering the following: Web applications, for example social  
> network services,  often require secrets, “credentials” to get  
> access to service APIs.  If these credentials are stored in the  
> application html or JavaScript code then they are easily accessible  
> and can be misused.  To protect these credentials it would be useful  
> if the FileSystem API provides a secure storage and management of  
> credentials.

Are you thinking about API keys, like for Twitter or Flickr, or about  
a different sort of credential?

> What about adding a requirement that says:
>
> “SHOULD provide secure storage and management of credentials.”

Is that expected to be, say, an encrypted volume? I'm not sure I fully  
understand the level of security you are looking for here, could you  
provide a concrete case of an application using this functionality,  
and how it contrasts with one that doesn't (it doesn't need to be very  
complex)?

--
Robin Berjon
   robineko — setting new standards
   http://robineko.com/
Received on Monday, 5 October 2009 16:05:14 UTC
